hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

MastoAPI: Unify pin/bookmark/mute/fav not visible responses to 404

Browse source 
Also adds more tests for these interactions.
This commit is contained in:
Phantasm 2025-12-11 22:37:51 +01:00
commit fe7108cbc2
No known key found for this signature in database
GPG key ID: 2669E588BCC634C8
5 changed files with 88 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

2
test/pleroma/web/common_api_test.exs
View file

@ -1072,7 +1072,7 @@ defmodule Pleroma.Web.CommonAPITest do
test "only public can be pinned", %{user: user} do
{:ok, activity} = CommonAPI.post(user, %{status: "private status", visibility: "private"})
{:error, :visibility_error} = CommonAPI.pin(activity.id, user)
{:error, :non_public_error} = CommonAPI.pin(activity.id, user)
end
test "unpin status", %{user: user, activity: activity} do

60
test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
View file

@ -1630,6 +1630,19 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
assert to_string(activity.id) == id
end
test "can't unfavourite post that isn't visible to user" do
user = insert(:user)
%{conn: conn, user: stranger} = oauth_access(["write:favourites"])
{:ok, activity} = CommonAPI.post(user, %{status: "invisible", visibility: "private"})
refute Pleroma.Web.ActivityPub.Visibility.visible_for_user?(activity, stranger)
assert conn
|> put_req_header("content-type", "application/json")
|> post("/api/v1/statuses/#{activity.id}/unfavourite")
|> json_response_and_validate_schema(404) == %{"error" => "Record not found"}
end
test "can't unfavourite post that isn't favourited", %{conn: conn} do
activity = insert(:note_activity)
@ -1675,6 +1688,19 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
end
end
test "can't favourite post that isn't visible to user" do
user = insert(:user)
%{conn: conn, user: stranger} = oauth_access(["write:favourites"])
{:ok, activity} = CommonAPI.post(user, %{status: "invisible", visibility: "private"})
refute Pleroma.Web.ActivityPub.Visibility.visible_for_user?(activity, stranger)
assert conn
|> put_req_header("content-type", "application/json")
|> post("/api/v1/statuses/#{activity.id}/favourite")
|> json_response_and_validate_schema(404) == %{"error" => "Record not found"}
end
describe "pinned statuses" do
setup do: oauth_access(["write:accounts"])
@ -1721,6 +1747,18 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
}
end
test "/pin: returns 404 error when activity not visible to user", %{user: user} do
%{conn: conn, user: stranger} = oauth_access(["write:accounts"])
{:ok, activity} = CommonAPI.post(user, %{status: "invisible", visibility: "private"})
refute Pleroma.Web.ActivityPub.Visibility.visible_for_user?(activity, stranger)
assert conn
|> put_req_header("content-type", "application/json")
|> post("/api/v1/statuses/#{activity.id}/pin")
|> json_response_and_validate_schema(404) == %{"error" => "Record not found"}
end
test "pin by another user", %{activity: activity} do
%{conn: conn} = oauth_access(["write:accounts"])
@ -1892,6 +1930,28 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
json_response_and_validate_schema(bookmarks, 200)
end
test "cannot bookmark invisible post" do
user = insert(:user)
%{conn: conn, user: stranger} = oauth_access(["write:bookmarks"])
{:ok, activity} = CommonAPI.post(user, %{status: "mocha", visibility: "private"})
refute Pleroma.Web.ActivityPub.Visibility.visible_for_user?(activity, stranger)
resp1 =
conn
|> put_req_header("content-type", "application/json")
|> post("/api/v1/statuses/#{activity.id}/bookmark")
assert json_response_and_validate_schema(resp1, 404) == %{"error" => "Record not found"}
resp2 =
conn
|> put_req_header("content-type", "application/json")
|> post("/api/v1/statuses/#{activity.id}/unbookmark")
assert json_response_and_validate_schema(resp2, 404) == %{"error" => "Record not found"}
end
test "bookmark folders" do
%{conn: conn, user: user} = oauth_access(["write:bookmarks", "read:bookmarks"])